Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code

ABSTRACT

A method and a program for outputting a virtual code generated from a payment card, and a payment card for generating a virtual code are provided. The method for outputting the virtual code generated from the payment card includes receiving, by a virtual code output application, a virtual code from a payment card after connecting the payment card with a mobile terminal through short-range wireless communication, and outputting, by the virtual code output application, the virtual code on the screen.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of International PatentApplication No. PCT/KR2018/008741, filed Aug. 1, 2018, which are basedupon and claims the benefit of priority to Korean Patent ApplicationNos. 10-2017-0100953 filed on Aug. 9, 2017 and 10-2018-0081707 filed onJul. 13, 2018. The disclosures of the above-listed applications arehereby incorporated by reference herein in their entirety.

BACKGROUND

Embodiments of the inventive concept disclosed herein relate to a methodand a program for outputting a virtual code, which is generated from apayment card, on a screen, and the payment card for generating thevirtual code, and more particularly to a method for transmitting avirtual code generated from a payment card to a mobile terminal andoutputting the virtual code on a screen, and a payment card for thesame.

Data in the form of a code has been used in many fields. The data in theform of the code includes, an Internet Personal Identification Number(IPIN) and a social security number for user identification, as well asa card number and an account number used for payment.

However, many accidents occur in the process of using such code data. Inthe case of the card number, since the real card number is written onthe surface of the card, the real card number is visually leaked toanother person, and is transmitted to a Point of Sales (POS) terminalwithout change in payment using a magnetic manner.

Although many attempts have been made to use a virtual card number or avirtual token to prevent the real card number from being leaked, thereis required data for identifying a user to detect a real card numbercorresponding to the virtual card number or virtual token. For example,in the case of One Time Password (OTP), although a code is changed andgenerated every time, a login procedure is required to determine analgorithm assigned to a user. Accordingly, it is difficult to apply theOTP to various fields. Accordingly, there is required an invention thatmay detect a real card number based on a virtual card number changed inreal time, without providing identification information for a user ordevice corresponding to the real card number.

SUMMARY

The payment card, which generates the virtual code, has no display onthe surface, so the generated virtual code may not be visuallyidentified. In general, although the direct identification of thevirtual code is unnecessary when payment is performed offline, there isa difficulty in online payment or offline payment requiring direct inputof code data.

Embodiments of the inventive concept provide a method and a program foroutputting a virtual code, which is generated from a payment card, on ascreen, which enables a user to identify the virtual code generated formthe payment card having no display, through a mobile terminal of theuser, and a payment card for generating a virtual code.

The objects of the inventive concept are not limited to the above, butother effects, which are not mentioned, will be apparently understood tothose skilled in the art.

According to an exemplary embodiment, a method for outputting a virtualcode, which is generated from a payment card, on a screen includesreceiving, by a virtual code output application, the virtual code fromthe payment card after connecting the payment card with a mobileterminal through short-range wireless communication, and outputting, bythe virtual code output application, the virtual code on the screen. Thevirtual code output application is installed or embedded in the mobileterminal. The virtual code is generated as a code matched to a real cardnumber through a virtual code generating function, which is stored inthe payment card, at every unit count, and is used to detect the realcard number in a financial company server or a virtual token verifyingserver. The unit count is set as a specific time interval and changed asthe specific time interval is elapsed.

According to an exemplary embodiment, the virtual code outputapplication is activated when the short-range wireless communication ismade between the payment card and the mobile terminal as the virtualcode output application is run in the background in the mobile terminal.

According to an exemplary embodiment, a method for outputting a virtualcode, which is generated from a payment card, on a screen, includessynchronizing, by a virtual code output application, time of anencryption algorithm through wireless communication between a virtualcode output application and the payment card, receiving, by the virtualcode output application, an encrypted code generated from the paymentcard, wherein the encrypted code is obtained by encrypting the virtualcode generated from the payment card based on the synchronizedencryption algorithm, decrypting, by the virtual code outputapplication, the encrypted code to the virtual code based on theencryption algorithm, and outputting, by the virtual code outputapplication, the virtual code on the screen. The virtual code isgenerated as a code matched to a real card number through a virtual codegenerating function, which is stored in the payment card, at every unitcount, and is used to detect the real card number in a financial companyserver or a virtual token verifying server, and the unit count is set asa specific time interval and changed as the specific time interval iselapsed.

According to an exemplary embodiment, the encryption algorithm ismatched to an encryption rule every time.

According to exemplary embodiment, the payment card generates at leastone detailed code through at least one detailed code generatingfunction, and generates the virtual code by combining the at least onedetailed code through a detailed code combining function. The detailedcode generating function and the detailed code combining function areincluded in the virtual code generating function. The at least onedetailed code includes a first code to set a starting point of searchingfor a storage position, and a second code to set a search path to thestorage position from the starting point according to a specificsearching scheme.

According to an exemplary embodiment, a method for outputting a virtualcode, which is generated from a payment card, on a screen, includesreceiving, by a second virtual code generating module, a virtualsecurity code from a first virtual code generating module, generating,by the second virtual code generating module, at least one detailed codethrough at least one detailed code generating function, generating, bythe second virtual code generating module, the virtual code throughcombination of the at least one detailed code through at least onedetailed code combining function, and outputting, by the second virtualcode generating module the virtual code the screen. The virtual code isgenerated as a code matched to a real card number through a virtual codegenerating function, which is stored in the payment card, at every unitcount, and is used to detect the real card number in a financial companyserver or a virtual token verifying server. The virtual code generatingfunction includes the detailed code generating function and the detailedcode combining function. The first virtual code generating module isincluded in the payment card, and the mobile terminal is embeddedtherein or installed with a virtual code output application includingthe second virtual code generating module. The second virtual codegenerating module generates a plurality of detailed codes matched to aunit count in which generation of the virtual code is requested usingthe virtual security code, generates the virtual code by combining theplurality of detailed codes, and outputs the virtual code on the screen.The unit count is set as a specific time interval and changed as thespecific time interval is elapsed.

According to an exemplary embodiment, the plurality of detailed codesinclude a first code generated based on a first count, and a second codegenerated based on a second count. The first count is the number of unitcounts elapsed from an initial time point at which the virtual codegenerating function is run in a virtual code verifying server, thesecond count is the number of unit counts elapsed from a time point atwhich a real card number of a specific user is issued, and thegenerating of the at least one detailed code includes applying thevirtual security code to the second count or the number of countselapsed from a current time point.

According to an exemplary embodiment, the method may further includeproviding, by the virtual code output application, the virtual code to aclipboard. The virtual code provided on the clipboard is input to anonline payment page in response to an operation of a user.

According to an exemplary embodiment, a payment card includes a virtualcode generating unit to generate a virtual code, and a virtual codetransmitting unit to transmit the virtual code to a mobile terminalafter recognizing connection with the mobile terminal throughshort-range wireless communication. The mobile terminal outputs, on ascreen, the virtual code received from a payment card through a virtualcode output application, the virtual code is generated as a code matchedto a real card number through a virtual code generating function, whichis stored in the payment card, at every unit count, and is used todetect the real card number in a financial company server or a virtualtoken verifying server, and the unit count is set as a specific timeinterval and changed as the specific time interval is elapsed.

According to an exemplary embodiment, a payment card includes a virtualcode generating unit to generate a virtual code at every unit countthrough a virtual code generating function, a timer to synchronize timeof an encryption algorithm through wireless communication with a mobileterminal, an encrypted code generating unit to generate an encryptedcode from the virtual code based on the synchronized encryptionalgorithm, a wireless communication unit to transmit the encrypted codeto the mobile terminal through wireless communication. The wirelesscommunication unit transmits synchronization condition data to themobile terminal or receives the synchronization condition data from themobile terminal, the mobile terminal outputs, on a screen, the virtualcode received from a payment card through a virtual code outputapplication, the virtual code is generated as a code matched to a realcard number through the virtual code generating function, which isstored therein, at every unit count, and is used to detect the real cardnumber in a financial company server or a virtual token verifyingserver, and the unit count is set as a specific time interval andchanged as the specific time interval is elapsed.

According to an exemplary embodiment, a payment card includes a firstvirtual code generating module. The first virtual code generating moduleincludes a virtual security code generating unit to generate a virtualsecurity code using a time value and a card security code of a real cardnumber, in which the virtual security code is a disposable code having aspecific digit number, and a wireless communication unit to transmit thevirtual security code to a mobile terminal. The mobile terminal isembedded or installed with a virtual code output application including asecond virtual code generating module, the second virtual codegenerating module generates a plurality of detailed codes matched to aunit count in which generation of the virtual code is requested usingthe virtual security code, generates the virtual code by combining theplurality of detailed codes, and outputs the virtual code on the screen.The virtual code is generated as a code matched to a real card numberthrough a virtual code generating function, which is stored in thepayment card, at every unit count, and is used to detect the real cardnumber in a financial company server or a virtual token verifyingserver, and the unit count is set as a specific time interval andchanged as the specific time interval is elapsed.

BRIEF DESCRIPTION OF THE FIGURES

The above and other objects and features will become apparent from thefollowing description with reference to the following figures, whereinlike reference numerals refer to like parts throughout the variousfigures unless otherwise specified, and wherein:

FIG. 1 is a flowchart illustrating a method for outputting a virtualcode, which is generated from a payment card, on a screen according toan embodiment of the inventive concept;

FIG. 2 is a flowchart illustrating a method for outputting a virtualcode, which is generated from a payment card, on a screen according toanother embodiment of the inventive concept;

FIG. 3 is a flowchart illustrating a procedure of generating anencrypted code after generating a virtual code from a payment card;

FIG. 4 is a flowchart illustrating a method for outputting a virtualcode, which is generated from a payment card, on a screen according toanother embodiment of the inventive concept;

FIG. 5 is a flowchart illustrating a method for outputting a virtualcode, which is generated from a payment card, on a screen, in which themethod further includes providing the virtual code to a clipboard,according to another embodiment of the inventive concept;

FIG. 6 is a block diagram illustrating the internal structure of apayment card to transmit a virtual code through short-range wirelesscommunication, according to another embodiment of the inventive concept;

FIG. 7 is a block diagram illustrating the internal structure of apayment card to transmit an encrypted code based on a virtual code,according to still another embodiment of the inventive concept; and

FIG. 8 is a block diagram illustrating the internal structure of apayment card to transmit a virtual security code according to anotherembodiment of the inventive concept.

DETAILED DESCRIPTION

Hereinafter, an exemplary embodiment of the inventive concept will bedescribed with reference to accompanying drawings. Advantage points andfeatures of the inventive concept and a method of accomplishing the samewill become apparent from the following description made with referenceto accompanying drawings. The inventive concept, however, may beembodied in various different forms, and should not be construed asbeing limited only to the illustrated embodiments. Rather, theseembodiments are provided as examples so that this disclosure will bethorough and complete, and will fully convey the concept of theinventive concept to those skilled in the art. The inventive concept maybe defined by scope of the claims. Meanwhile, the terminology usedherein to describe embodiments of the invention is not intended to limitthe scope of the inventive concept. Like reference numerals refer tolike elements throughout the whole specification.

Unless otherwise defined, all terms (including technical and scientificterms) used herein have the same meaning as commonly understood by thoseskilled in the art. It will be further understood that terms, such asthose defined in commonly used dictionaries, should be interpreted ashaving a meaning that is consistent with their meaning in the context ofthe relevant art and will not be interpreted in an idealized or overlyformal sense unless expressly so defined herein.

The terminology used in the inventive concept is provided for theillustrative purpose, but the inventive concept is not limited thereto.As used herein, the singular terms “a,” “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. Furthermore, it will be further understood that the terms“comprises”, “comprising,” “includes” and/or “including”, when usedherein, specify the presence of stated elements, steps, operations,and/or devices, but do not preclude the presence or addition of one ormore other components, steps, operations and/or devices.

Herein, a ‘character’ is an element to form a code, and includes anentire portion or some of an uppercase alphabet, a lowercase alphabet, anumber, and a special character.

Herein, a ‘code’ refers to a character string in which characters arelisted.

Herein, a ‘card number’, which is used for a financial transaction, suchas payment, is a number assigned to a card, and transmitted to a cardcompany in the situation of payment or the cancellation of the payment.

Herein, a ‘real card number’ is a number assigned to a card of aspecific user by a card company. In other words, the ‘real card number’refers to a number assigned to a general actual card or a mobile card.

Herein, a ‘virtual code’ is a card number temporarily generated to beconnected to a real card number, and is a code having a specific digitnumber, which is formed using characters including numbers. The virtualcode includes a virtual card number used to detect a real card number ina financial company server, a virtual token used to detect the real cardnumber in a virtual token verification server.

Herein, the ‘detailed code’ refers to some code included in the virtualtoken. In other words, when the virtual token is generated by combininga plurality of separately generated codes, the detailed code refers to aindividual code separately generated and constituting the virtual token.

Herein, a ‘unit count’ is set as a specific time interval and changed asthe specific time interval is elapsed. For example, ‘count 1’ may be setas a specific time interval (for example, 1.5 seconds) and used.

Herein, a ‘virtual code generating function’ refers to a function usedto generate a virtual token.

Herein, a ‘detailed code generating function’ refers to a function ofgenerating each detailed code constituting the virtual code number.

Herein, a ‘detailed code combining function’ refers to a function ofgenerating a virtual code (for example, a virtual card number or avirtual token) obtained by combining or linking a plurality of detailedcodes.

Herein, a ‘mobile terminal’ includes various devices to provide a resultfor a user by performing an arithmetic operation. For example, acomputer may correspond to, as well as a desktop personal computer (PC)or a notebook, a smartphone, a tablet PC, a cellular phone, a personalcommunication service (PCS) phone, a mobile terminal of asynchronous/asynchronous international mobile telecommunication(IMT-2000), a palm personal computer, or a personal digital assistant(PDA).

Herein, a ‘payment card’ refers to an entire portion or a portion of thevirtual code generating function.

Herein, a ‘payment service server’ includes all servers of providerslinking or assisting a payment service between a virtual token verifyingserver or a financial company server in a virtual token generatingdevice or a POS terminal. In other words, the payment service server maycorrespond to a payment gateway (a service provider that performstransactions with a financial institution on the Internet), a paymentagency (VAN company), or a server of Acquirer.

Herein, a ‘financial company server’ refers to a server that determineswhether to approve payment based on the real card number.

Herein, a ‘virtual token verifying server’ refers to a server thatdetects a real card number based on a virtual token and transmits thereal card number to the payment service server or the financial companyserver.

Herein, a ‘virtual code output application’, which is an applicationinstalled or embedded in a mobile terminal, outputs a virtual code on ascreen.

Herein, ‘short-range wireless communication’ refers to wirelesscommunication performed as a terminal, which is spaced, comes intocontact or proximity. For example, ‘short-range wireless communication’refers to a scheme in which a plurality of terminals make wirelesscommunication at distances where users manually control the terminalswhile personally determining communication states.

Herein, a ‘virtual code generating module’ refers to a module togenerate a virtual code in the form provided to a virtual code verifyingserver. Herein, the ‘virtual code generating module’ may be divided intoa plurality of detailed modules depending on functions. The detailedmodules included in the virtual code generating module may be includedin one terminal device or may be separately included in individualterminal devices.

Herein, a ‘first virtual code generating module’ refers to a module togenerate a virtual security code used to generate the virtual code.

Herein, a ‘second virtual code generating module’ refers to a module togenerate a virtual code using the virtual security code generated fromthe first virtual code generating module. In other words, the ‘secondvirtual code generating module’ includes a detailed code generatingfunction and a detailed code combining function.

Hereinafter, the configuration of a real card number will be describedto illustrate a procedure of generating and outputting a virtual codewhich is a substitute of the real card number, according to anembodiment of the inventive concept.

The ‘real card number’ includes at least one of a card identification(ID) number, a card security code, and a card validity period. The cardID number is a code assigned to identify a card company, a card type,and a card user. In general, the card ID number assigned to a card has15 or 16 digits. In general, in the case of a card ID number having 16digits, the first 6 digits constitute the issuer identification number(IIN) of the card, the 7^(th) digit to the 15^(th) digit have codesassigned to each card according to an arbitrary rule, and the 16^(th)digit has a value for verifying the card ID number according to aspecific formula.

The card security code is printed at one side of the card and has aspecific digit number (for example, Visa and Master have three digits,and American Express has four digits). In other words, when the cardsecurity code has three digits, and the card ID number 16 digits, thecard security code of a 3-digit code and the card ID number of a16-digit code are encrypted/decrypted according to the specific rule. Ifthe relevant values are matched, the card is verified as a normal card.The card security codes have different names depending on cardcompanies. Accordingly, the card security code of Visa card is calledCard Verification Value (CVV), the card security card of MasterCard/JCBis called Card Validation Code (CVC), and the card security code ofAmerican Express is called Confidential Identifier Number or CardIdentification Number (CID).

The card validity period refers to a time limit that may be used after areal card number is issued. In general, in the card validity period, twodigits are assigned to each of year and month fields to form a 4-digitcode.

Hereinafter, a method and a program for outputting a virtual codegenerated from a payment card, and the payment card according toembodiments of the inventive concept will be described in detail withreference to accompanying drawings.

FIG. 1 is a flowchart illustrating a method for outputting the virtualcode, which is generated from the payment card, on a screen, accordingto an embodiment of the inventive concept.

Referring to FIG. 1, according to an embodiment of the inventiveconcept, the method for outputting the virtual code generated from thepayment card includes receiving, by a virtual code output application,the virtual code from the payment card after connecting the payment cardwith a mobile terminal through short-range wireless communication(S120), and outputting, by the virtual code output application, thevirtual code on the screen (S140).

The virtual code output application receives the virtual code from thepayment card after connecting the payment card with the mobile terminalthrough short-range wireless communication (S120). The virtual codeoutput application may receive the virtual code generated from thepayment card as a user manipulates the mobile terminal or the paymentcard.

According to an embodiment, when the user manipulates the mobileterminal, the virtual code output application is run to transmit arequest the payment card to provide the virtual code through short-rangewireless communication (for example, NFC communication). Thereafter,when the payment card is connected with the mobile terminal through theshort-range wireless communication, the payment card generates andtransmits a virtual code corresponding to a relevant time point. Thevirtual code is generated as a code matched to a real card numberthrough the virtual code generating function, which is stored in thepayment card, at every unit count, and is used to detect the real cardnumber in a financial company server or a virtual token verifyingserver.

In addition, according to another embodiment, when the user starts theprocedure for outputting the virtual code by manipulating the paymentcard, the payment card receives a manipulation of activating the virtualcode from the user. For example, the user may activate the payment cardby operating a button provided on the surface of the payment card or byinputting an operation of shaking or tapping the payment card.

Thereafter, the payment card generates the virtual code and transmitsthe virtual code to the mobile terminal through short-range wirelesscommunication. The virtual code is generated corresponding to a virtualcode generation time point by the virtual code generating functionstored in the payment card. In this case, the virtual code outputapplication recognizes that that short-range wireless communication ismade, as the payment card is in the proximity or contact to the mobileterminal after the payment card is activated. According to anembodiment, the virtual code output application is activated, when theshort-range wireless communication is made between the payment card andthe mobile terminal, as the virtual code output application is run inthe background in the mobile terminal.

If the payment card transmits the virtual code through long-rangewireless communication (for example, Bluetooth communication) ratherthan short-range wireless communication, there may occur a situationthat another person intercepts the virtual code and uses the virtualcode for payment. Accordingly, the short-range wireless communication ismade between the payment card and the mobile terminal.

For example, when a user uses a mobile terminal case for inserting thepayment card (for example, a smartphone case allowing the payment cardto be inserted into the rear surface of a smartphone), the payment cardand the mobile terminal is in contact with each other. Accordingly, theuser may activate the payment card by manipulating the mobile terminalor the payment card, without performing a separate operation to bringthe payment card into contact with the mobile terminal. In addition, forexample, when there is a space for inserting the payment card in a casecover, and when the case cover is folded and placed on the rear surfaceof the mobile terminal, the payment card and the mobile terminal are incontact with each other in the state that the user views the screen ofthe mobile terminal. Accordingly, the user does not need to perform aseparate operation to bring the payment card into contact with themobile terminal.

In detail, when a user uses a mobile terminal case allowing the paymentcard to be inserted into the rear surface of the mobile terminal, theuser may activate the payment card disposed on the rear surface of themobile terminal by tapping the payment card with a finger of the user orpressing a button, and the payment card may generate a virtual codethrough a virtual code generating function stored in the payment card.Thereafter, a program (virtual code output program) for outputting thevirtual code in the mobile terminal receives the virtual code from thepayment card through short-range wireless communication. Since themobile terminal and the payment card are in proximity to each other, theuser does not need to perform a separate operation to bring the paymentcard into contact with the mobile terminal or to make the payment cardin proximity to the mobile terminal.

The virtual code output application outputs the virtual code on thescreen (S140). The virtual code output application includes a userinterface for displaying the virtual code on the screen.

In addition, according to another embodiment, the virtual code outputapplication further includes providing the virtual code to a clipboard.The virtual code output application may include a button for requestingthe virtual code to be provided to the clipboard on the user interfacefor displaying the virtual code. The virtual code output applicationprovides the clipboard such that the virtual code output on the screenis inserted into another program in response to the request of the user.

FIG. 2 is a method for outputting the screen of the virtual codegenerated from the payment card, according to another embodiment of theinventive concept.

Referring to FIG. 2, according to another embodiment of the inventiveconcept, the method for outputting the virtual code generated from thepayment card includes synchronizing, by the virtual code outputapplication, time of an encryption algorithm through wirelesscommunication between the virtual code output application and thepayment card (S220); receiving, by the virtual code output application,an encrypted code generated in the payment card (S240; encrypted codereceiving step), decrypting, by the virtual code output application, theencrypted code to a virtual code based on the encryption algorithm(S260), and outputting, by the virtual code output application, thevirtual code on the screen (S280). Hereinafter, the details of each stepwill be made.

The virtual code output application synchronizes the time of theencryption algorithm through the wireless communication between thevirtual code output application and the payment card (S220). The paymentcard and the mobile terminal (that is, the virtual code outputapplication) include the same encryption algorithm. Accordingly, thepayment card generates the virtual code in the form of an encryptioncode as described below, and decrypts the received encryption code torecover the virtual code.

The virtual code generating module in the payment card and the mobileterminal (that is, the virtual code output application) may change theencryption algorithm (for example, may change an encryption pattern (oran encryption code change pattern) depending on a specific rule toprevent another person from obtaining a plurality of encryption codes,which are provided from the virtual code generating module to the mobileterminal, to find out the encryption algorithm.

For example, when the payment card receives the request to generate avirtual code from the virtual code output application or when theoperation of requesting the payment card to generate the virtual code isinput from a user, the payment card synchronizes the time with themobile terminal (that is, the virtual code output application) such thatthe payment card (that is, the virtual code generating module) and themobile terminal (that is, the virtual code output application) performconverting and recovering with the same encryption pattern. For example,the virtual code generating module in the payment card may performsynchronization to be matched to the time data of a clock included inthe mobile terminal (that is, the virtual code output application).

Since the mobile terminal includes a global positioning system (GPS)module or a wireless communication module (for example, a Wi-Fi moduleor LTE module) that is able to communicate with an external server, themobile terminal may accurately match the time data. However, since thepayment card produces time, errors may occur. Accordingly, the time datain the mobile terminal may be mismatched from the time data in thepayment card. Accordingly, the timers in the payment card and the mobileterminal need to be synchronized with each other such that the virtualcode output application and the virtual code generating module performencryption based on time data. The scheme of changing an encryptionpattern by utilizing the time data will be described below.

The virtual code output application receives the encrypted codegenerated from the payment card (S240). The virtual code is generated asa code matched to a real card number through the virtual code generatingfunction, which is stored in the payment card, at every unit count, andis used to detect the real card number in a financial company server ora virtual token verifying server.

Referring to FIG. 3, the virtual code generating module in the paymentcard generates the virtual code (S241; virtual code generating step).The virtual code generating module may include the same virtual codegenerating function as that included in the virtual code verifyingserver (that is, the financial company server or a virtual tokenverifying server). Accordingly, the virtual code verifying server (forexample, financial company server) may perform a financial transactionafter receiving a virtual code, which is generated by the virtual codegenerating module in the payment card to be output to the outside inoffline payment or is provided by the virtual code output application,and detecting a real card number.

The virtual code generating function generates the virtual code invarious schemes. According to an embodiment, the virtual code generatingstep (S241) includes generating, by the virtual code generating module,at least one detailed code through at least one detailed code generatingfunction, and generating, by the virtual code generating module, thevirtual code by combining the at least detailed code through a detailedcode combining function. In other words, the virtual code generatingfunction includes the detailed code generating function and the detailedcode combining function.

First, the virtual code generating module generates at least onedetailed code through at least one detailed code generating function.For example, the virtual code generating module generates a first codeand a second code by including a first function and a second function asthe detailed code generating function.

According to an embodiment, in the scheme of generating the first codeand the second code by the virtual code generating module, the pluralityof detailed codes include a first code for setting a starting point fordetecting a storage position of a real card number in the virtual codeverifying server (for example, the financial company server or thevirtual token verifying server); and a second code for setting adetecting path from the starting point to the storage position accordingto the specific detection scheme. Although the first code and the secondcode have the correlation for detecting the storage position of the realcard number in the virtual code verifying server, a virtual codegenerating module includes, as a detailed code generating function, afirst function to generate the first code and a second function togenerate the second code for enhancing the security, but may not includedata on the correlation between the first code and the second code.

Further, according to another embodiment, the plurality of detailedcodes may include: a first code generated based on a first count; and asecond code generated based on a second count. The first countcorresponds to the number of unit counts elapsed from the initial timepoint at which the virtual code generating function is run in thevirtual code verifying server, and the second count is the number ofunit counts elapsed from a time point (issued time point) at which thereal card number of a specific user is issued. In other words, a firstfunction for generating the first code is a function for providing aspecific code value corresponding to the first count, and a secondfunction for generating the second code is a function for providing aspecific code value corresponding to the second count.

Accordingly, the virtual code is not duplicated regardless of thevirtual code generating time and a user. The first code is set to anyone code value (for example, a code value corresponding to a time pointat which the generation of the virtual code is requested) of the codesmatched at each count from the initial time point at which the firstfunction is run in the virtual code verification server. Accordingly,the virtual code generating module generates a code value, which isvaried at every virtual code generating time, as the first code for thesame user. In addition, the second count value is always varied in eachvirtual code generating module at the same time point to prevent thereal card number from being issued at the same time point. Accordingly,the virtual code generating module always generates a different secondcode for each user at the same time point. In other words, the firstcode has a different code value at each count and the second code has adifferent code value in the virtual code generating module (that is, anAPP card application installed in a mobile terminal 10 of each user) ofeach user at the same time point. Accordingly, the virtual codegenerated by combining the first code and the second code is outputwithout being duplicated, regardless of a user and a virtual codegeneration request time.

In addition, according to an embodiment, the virtual code generatingmodule generates the first code and the second code by using a virtualsecurity code. In other words, the virtual code generating module (or afirst virtual code generating module to generate the virtual securitycode and a second virtual code generating module when the second virtualcode generating module is included to generate a virtual code based onthe virtual security code) applies the virtual security code to thenumber of counts elapsed from the second count or the current timepoint. In this case, the second virtual code generating module generatesthe first code by applying, to the first count, the number of counts,which is obtained by adding a count (that is, the count serving as abasis of the generation of the second code), which corresponds to theissued time point of the real card number, to the virtual security code.

In detail, the first virtual code generating module included in thevirtual code generating module generates a virtual security code throughOne Time Password (OTP; a user authentication scheme employing adisposable password randomly generated instead of a fixed password). Inother words, the first virtual code generating module generates an OTPby using, as key data, time data (that is, the virtual code generationrequesting time point), an intrinsic card value, and a card securitycode (that is, a CVC or CVV of the real card number) of a real cardnumber

The second virtual code generating module generates each detailed codeusing the virtual security code. In other words, the second virtual codegenerating module applies the virtual security code to a second count(that is, the number of counts shifted from the issued time point of thereal card number) or the number (that is, the number of counts shiftedfrom the current time point) of counts elapsed from a current timepoint. In this case, the second virtual code generating module generatesthe first code by applying, to the first count, the number of counts,which is obtained by adding a count (that is, the count serving as abasis of the generation of the second code), which corresponds to theissued time point of the real card number, to the virtual security code.Accordingly, as another person fails to recognize the sequence (that is,the first function and the second function) provided by the first codeand the second code forming the virtual code, security may be improved.

The virtual code generating module generates a virtual code by combiningthe at least one detailed code through the detailed code combiningfunction. A scheme of generating one virtual code by combining aplurality of detailed codes may include various schemes. For example,the detailed code combining function may generate a virtual code byalternately placing a first code having N digits and a second codehaving N digits. In addition, according to another embodiment, thedetailed code generating function may be a function of placing thesecond code after the first code. As detailed codes included in thevirtual function are increased, various detailed code generatingfunctions may be generated.

The virtual code generating module generates an encrypted code from avirtual code based on the synchronized encryption algorithm (S242). Inother words, the virtual code generating module generates the encryptedcode from the virtual code based on a conversion pattern (that is, anencryption pattern) corresponding to a time point synchronized with atime point of the virtual code output application in the mobileterminal.

According to an embodiment, another person is prevented from recoveringthe virtual code due to the leakage of key data as the OTP code for codeconversion, which is changed every moment, is used as the key data forencryption or decryption. In other words, as the virtual code generatingmodule and the encryption module in the payment card perform encryptionand decryption using the OPT code for code conversion, which is randomlygenerated through an OTP function at each moment, another person failsto detect key data used for encryption and decryption at a specific timepoint. Accordingly, this may solve the problem occurring in aconventional encryption scheme in which the key data used for encryptionand decryption is fixed to allow another person to decrypt the encryptedcode due to the leakage of the key data.

In detail, in the generating of the encrypted code (S242), an OTP codefor code conversion is generated using an ID value (for example, theintrinsic number of the payment card) included in the payment card andthe synchronized time data, and a relevant conversion pattern is appliedto the OTP code for the code conversion, thereby converting the virtualcode into the encrypted code. The virtual code generating module, whichmay have various rules (that is., encryption rules) for generating anencrypted code from a virtual code, may generate the encrypted code byapplying a relevant encryption rule to the OTP code value for codeconversion, which is generated at a time point at which the virtual codeis generated. Accordingly, although another person detects thesynchronized time data between the application and the payment card, andthe identification value of the payment card, if the another personfails to recognize an algorithm of generating the OPT code for the codeconversion, the another person fails to recover the virtual code fromthe encrypted code. In addition, if the another person fails torecognize the matching relationship between the OTP code for the codeconversion and the conversion pattern (or the encryption rule), theanother person fails to recover the virtual code from the encryptedcode.

Thereafter, the virtual code generating module transmits the encryptedcode to the mobile terminal (S243). In other words, the virtual codeoutput application in the mobile terminal receives the encrypted codefrom the payment card. In this case, the virtual code generating modulemay transmit the encrypted code through various communication schemes.

The virtual code output application decrypts the encrypted code to thevirtual code based on the encryption algorithm (S260). Thereafter, thevirtual code output application outputs the virtual code on the screen(S280).

FIG. 4 is a flowchart illustrating the method for outputting the virtualcode, which is generated from the payment card, according to anotherembodiment of the inventive concept.

Referring to FIG. 4, according to another embodiment of the inventiveconcept, the method for outputting the virtual code, which is generatedfrom the payment card, includes receiving, by the second virtual codegenerating module, a virtual security code from the first virtual codegenerating module (S320; virtual security code receiving step),generating, by the second virtual code generating module, at least onedetailed code through at least one detailed code generating function(S340), generating, by the second virtual code generating module, thevirtual code through combination of at least one detailed code throughat least one detailed code combining function (S360), and outputting, bythe second virtual code generating module, the virtual code on thescreen (S380). Hereinafter, the details of each step will be describedin detail.

To generate and output a virtual code based on a virtual security code,there are required the first virtual code generating module to generatethe virtual security code and the second virtual code generating moduleto generate the virtual code through a virtual code generating function.The payment card may include the first virtual code generating moduleand the second virtual code generating module to generate the virtualcode and to output the virtual code to the outside in offline payment.However, when the payment card does not include a display, the paymentcard may use the display of the mobile terminal instead through aprogram for outputting the virtual code, to generate the virtual code.To prevent the virtual code from being leaked in the process of beingtransmitted to the mobile terminal for screen output, only a virtualsecurity code generated in the first virtual code generating module istransmitted to the mobile terminal, and the virtual code is completed bythe second virtual code generating module, which is included in thevirtual code output application and identical to that of the paymentcard, and is output on the screen. In other words, the presentembodiment is performed by the first virtual code generating moduleincluded in the payment card and the second virtual code generatingmodule included in the virtual code output application. In particular,the present embodiment relates to a procedure of performing the secondvirtual code generating module in the virtual code output application.

First, the second virtual code generating module receives a virtualsecurity code from the first virtual code generating module (S320;virtual security code receiving step). As the payment card is activatedor the virtual code output application is run by the operation (forexample, the operation of pressing a button provided in the payment cardor of moving the payment card) of the user, the first virtual codegenerating module in the payment card transmits a virtual security code,which is used to generate a virtual code, to a mobile terminal having avirtual code output application including the second virtual codegenerating module.

The first virtual code generating module is embedded or installed in thepayment card and includes a virtual security code generating function.According to an embodiment, the virtual security code is an OTP codegenerated by using time data (that is, the virtual code generationrequesting time point), an intrinsic card value, and a card securitycode (that is, a CVC or CVV of the real card number) of a real cardnumber. The intrinsic card value refers to an intrinsic value assignedto the payment card. In other words, the intrinsic card value is anintrinsic value assigned to the payment card corresponding to theelectronic device. The first virtual code generating module may sore theintrinsic card value and a card security code therein to generate thevirtual security code.

In detail, the first virtual code generating module generates a virtualsecurity code through One Time Password (OTP; a user authenticationscheme employing a disposable password randomly generated instead of afixed password). In other words, the first virtual code generatingmodule generates an OTP by using, as key data, time data (that is, thevirtual code generation requesting time point), an intrinsic card value,and a card security code (that is, a CVC or CVV of the real card number)of a real card number

The virtual code output application receives the virtual security codefrom the payment card through wireless communication. According to anembodiment, the first virtual code generating module encrypts thevirtual security code using a password as the key data and transmits thevirtual security code. The virtual code output application having theencrypted virtual security code received therein performs decryptionbased on a payment card password stored therein, thereby detecting thevirtual security code. The password may be set in the process ofinitially linking the payment card and the virtual code outputapplication, or may be set as a serial number of the payment card. Themobile terminal may receive the virtual security code and provide thevirtual code to the virtual code output application, through variouswireless communication schemes.

The second virtual code generating module generates at least onedetailed code through at least one detailed code generating function(S340). The second virtual code generating module included in thevirtual code output application generates a plurality of detailed codessuitable for a unit count, at which the generation of the virtual codeis requested, using the virtual security code received from the firstvirtual code generating module in the virtual code output application.In other words, the virtual code generating module may reflect thevirtual security code in generating the first code and the second codewithout outputting the virtual code to the outside.

The plurality of detailed codes may include: a first code generatedbased on a first count; and a second code generated based on the secondcount. The first count is the number of unit counts elapsed from theinitial time point at which the virtual code generating function is runin the virtual code verifying server, and the second count is the numberof unit counts elapsed from a time point at which the real card numberof a specific user is issued. In other words, a first function forgenerating the first code is a function for providing a specific codevalue corresponding to the first count, and a second function forgenerating a second code is a function for providing a specific codevalue corresponding to the second count.

In other words, the second virtual code generating module applies thevirtual security code to a second count (that is, the number of countsshifted from the issued time point of the real card number) or thenumber (that is, the number of counts shifted from the current timepoint) of counts elapsed from a current time point. In this case, thesecond virtual code generating module generates the first code byapplying, to the first count, the number of counts, which is obtained byadding a count (that is, the count serving as a basis of the generationof the second code), which corresponds to the issued time point of thereal card number, to the virtual security code.

In detail, the second virtual code generating module generates the firstcode corresponding to the count obtained by adding the virtual securitycode to the issued time point of the real card number, and generates thesecond code of the count corresponding to the virtual security code. Inother words, the first code and the second code are generated based on acount shifted by the virtual security code from a time point A, at whichthe real card number is issued to a first user. The count shifted fromthe time point A may be a count prior to or posterior to a countcorresponding to the current time point, depending on the virtualsecurity code value. Accordingly, as another person fails to recognizethe providing sequence (that is, the first function and the secondfunction) of the first code and the second code forming the virtualcode, security may be improved.

The first code of the plurality of detailed codes is a code for settinga starting point of detecting the storage position of the real cardnumber in the financial company server and virtual token verifyingserver, and the second code of the plurality of detailed codes may be acode for setting a detecting path of the storage position from thestarting point depending on a specific detecting scheme. The searchingscheme may be determined by a storage position detecting algorithm.

In addition, according to another embodiment, when a first code or asecond code having N digits is generated using M characters, the virtualcode generating function includes a first function or a second functionto provide the first code or the second code generated by changing M^(N)codes at every unit count. In other words, the first function or thesecond function, which is a function to generate M^(N) codes, which arenot duplicated as the count increases, generates a specific one of M^(N)codes as the first code or the second code at a count corresponding to aspecific time point. Accordingly, the virtual code generating unit 110generates a new virtual code at every unit count by generating a newdetailed code (that is, the first code or the second code) at every unitcount without duplicating the first code or the second code for a M^(N)count (that is, time length corresponding M^(N) count). Although thefirst code and the second code have the correlation for detecting thestorage position of the real card number in the financial company serveror the virtual token verifying server, the virtual code generator or auser client includes a first function to generate the first code and asecond function to generate the second code for enhancing the security,but may not include data on the correlation between the first code andthe second code.

In detail, as the virtual code generating function generates a firstcode or a second code having N digits using M characters, when M^(N)codes are used as the first code or the second code, each code ismatched at every count from the initial time point at which the detailedcode generating function is run. For example, when the count client isset to one second, the detailed code generating function matchesdifferent M^(N) codes at every second from the time point in which thedetailed code generating function is initially run. In addition, whenthe period of using a specific detailed code generating function or ause period (e.g., the validate period of the payment card to generatethe virtual code) of the virtual code generator is set to be a timelength shorter than the time length (for example, M^(N) second when thefirst count is one second) corresponding to an M^(N) count, theduplicated code of the first code or the second code is not generatedfor the use period. In other words, when the count increases over time,and when the user requests the virtual code generator or the user clientto generate a virtual code at a specific time point, the virtual codegenerator or the user client may generate, as the first code or thesecond code, a code value matched to a count corresponding to thespecific time point.

The second virtual code generating module generates a virtual codethrough combination of at least one detailed code through at least onedetailed code generating function (S360). A scheme of generating onevirtual code by combining a plurality of detailed codes may includevarious schemes. For example, the detailed code generating function maygenerate a virtual code through a scheme of alternately placing a firstcode having N digits and a second code having N digits. In addition,according to another embodiment, the detailed code generating functionmay be a function of placing the second code after the first code. Asdetailed codes included in the virtual function are increased, variousdetailed code generating functions may be generated.

In addition, according to another embodiment, the virtual code combiningfunction couple a fixed code with the first code and the second code.The virtual code may include a fixing code, which is not changed todistinguish between groups, together with a plurality of detailed codes.The fixed code includes a code for identifying the code or virtual codefor determining a card company or card type corresponding to the realcard number. The fixed code is connected to a specific position of thevirtual code. For example, when the virtual code generating function isassigned for each card company or each card type, the virtual codegenerator or the user client uses the first six digits, which representthe card company or the card type, of card numbers. Accordingly, thefinancial company server or the virtual token verifying server mayidentify a specific card company or a specific card type to which thevirtual code generator is applied in the virtual code generator or theuser client. In other words, the fixed code is a code for determiningthe card company or card type corresponding to the real card number.

In addition, according to another embodiment, when the virtual codecorresponds to a virtual token, the fixed code includes information or acode identifying that the virtual code corresponds to the virtual token.When a payment service server (for example, VAN server or PG companyserver) or a payment terminal (for example, kiosk device or POS device)receives only the virtual token, the payment service server or thepayment terminal fails to distinguish among a real card number, avirtual card number directly matched to the real card number and used inthe financial company server, or the virtual token to be verified in thevirtual token verifying server. Accordingly, the virtual code outputprogram includes information or a code identifying the virtual token inthe fixed code. For example, the virtual code output program and thepayment card may utilize, as the fixed code, a code that corresponds toan issuer identification number in the real card number of the user andallows the identification of the virtual token. For example, a new codematched to the IIN is assigned as the fixed code and used by using sixdigits corresponding to the IIN in the real card number. The virtualtoken verifying server may store the matching relation between the fixedcode and the IIN, which is identical to the matching relation in thevirtual code output program or the payment card. Accordingly, when thevirtual token is received, the card company and the card type of thereal card number may be detected based on the fixed code.

The fixed code is connected to a specific position of the virtual code.When the virtual code generating function is assigned for each card typegroup, the virtual token verifying server or the financial companyserver may determine the card type group only when first extracting thefixed code from the virtual code. Therefore, the fixed code may beconnected to a specific position (for example, the same position as aposition of the IIN of the real card number) in the virtual code suchthat the fixed code is separated without an additional function.

The second virtual code generating module outputs a virtual code onscreen (S380). According to an embodiment, the virtual code outputapplication outputs, in the form of a text, the virtual code on thescreen. In addition, according to another embodiment, the virtual codeoutput application generates the virtual code in the form of a bar codeor a QR code to be output on the screen. When only the bar code or theQR code is used in offline payment, the virtual code output applicationgenerates the virtual code in the form of a bar code or a QR code to beoutput on the screen.

According to an embodiment, the virtual code output application mayinclude a user interface for selecting the type of outputting thevirtual code on the screen. For example, when a text output mode isoutput by a user, the virtual code output application outputs thevirtual code in the form of a text. When an image output mode is outputby the user, the virtual code output application outputs the virtualcode in the form of a QR code or a bar code.

In addition, according to another embodiment, the virtual code outputapplication further includes providing the virtual code to a clipboard(S390) as illustrated in FIG. 5. The virtual code provided to theclipboard is input to an online payment page in response to theoperation of the user. For example, when the user performs onlinepayment using the virtual code output on the screen by the virtual codeoutput application, the user has to input the virtual code displayed onthe screen of the virtual code output application into an onlineshopping application or a web browser. To directly input the virtualcode to the screen of the application providing the payment page, theuser has to repeat the procedure of alternately displaying, on thescreen, the virtual code output application and the application forproviding the payment page, so the user feels uncomfortable.Accordingly, the virtual code output application provides the virtualcode data to the clipboard such that the virtual code may be easilyinserted into another application.

In addition, according to another embodiment, a virtual security code isused to determine, in the virtual code verifying server, whether thevirtual code transmitted through the payment card is normally produced.In other words, the virtual code verifying server extracts the virtualsecurity code (that is, the received virtual security code) from thevirtual code after receiving the virtual code obtained by a financialtransaction terminal, and determines whether the virtual code is normalby identifying that the received virtual security code is normallygenerated at the financial transaction request time point, based oninformation (that is, the virtual security code generating function, anintrinsic card value, and a card security code a real card number)stored in the virtual code verifying server.

For example, when the virtual security code is used for the second count(that is, a clock is not included in the payment card to obtain acurrent time), after the virtual code verifying server (for example, thefinancial company server) extracts the virtual security code from thesecond code generated based on the virtual security code, the virtualcode verifying server determines whether there is a value, which ismatched to the virtual security code, of OTP numbers calculated byinputting a count in a specific range from a count, in which the virtualcode is received, into the virtual security code generating function(that is, OTP function). The virtual code verifying server obtains avirtual security code value (that is, OTP function value) used togenerate the second code by applying the inverse function of the secondfunction to the second code, and finds out a count in which the samevalue as the virtual security code value is calculated. As there is adifference between a time point, at which the virtual security code isgenerated from the virtual code generating unit, and a time point, atwhich the virtual code verifying server receives the virtual securitycode, due to the transmission time or the delay of the virtual code, thecount, in which the virtual code verifying server receives the virtualcode, may not be matched to a count in which an OTP number correspondingto the virtual security code is generated. Accordingly, the virtual codeverifying server allows an error range from the count in which thevirtual code is received. Accordingly, even if another person hacks thesecond virtual code generating module to find out the first function andthe second function, if the another person fails to obtain a normalvirtual security code in real time, the virtual code matched to thefinancial transaction request time point is not generated.

As described above, according to an embodiment of the inventive concept,the method of outputting the virtual code, which is generated from thepayment card, on the screen, is implemented in the form of a program (orapplication) to be stored in a medium, so as to be executed incombination with a computer which is hardware.

The above-described program is a code formed in a computer language,such as C, C++, JAVA, or a machine language, that a central processingunit (CPU) of the computer can be read through a device interface of acomputer, such that the computer reads the program and executes methodsimplemented with the program. The code may include a functional coderelated to a function defining function necessary for executing themethods, and include a control code related to an execution procedurenecessary for the functions executed by the processor of the computer ina predetermined procedure. In addition, the code may further include amemory reference code indicating a location (address) of the internal orexternal memory of the computer, which is referred to by that additionalinformation or media required for the computer's processor to executethe functions. In addition, when it is necessary for the processor ofthe computer to communicate with another computer or server at a remoteplace to execute the function, the code may further include acommunication-related code indicating another computer or server at aremote place, a communication scheme with the another computer or serverthrough the communication module of the computer, and an information ormedia type to be transmitted or received in communication.

The stored medium does not refer to a medium to store data for a shorttime such as a register, a cache, or a memory. A medium that storesdata, but a medium which stores data semi-permanently and readable by adevice. In detail, the storage medium includes, for example, a ROM, aRAM, a CD-ROM, a magnetic tape, a floppy-disk, or an optical data stagedevice, but the inventive concept is not limited thereto. In otherwords, the program may be stored in various recording media on variousservers to be accessed by the computer, or various recording media onthe computer of the user. In addition, the media may be distributed incomputer systems connected over the network, and codes readable by thecomputer may be stored in the distribution scheme.

FIG. 6 is a block diagram illustrating the internal structure of thepayment card to transmit the virtual code through short-range wirelesscommunication, according to still another embodiment of the inventiveconcept.

Referring to FIG. 6, according to still another embodiment of theinventive concept, the payment card 10 include a virtual code generatingunit 110 and a virtual code transmitting unit 120. Hereinafter, theduplicated description of the above components will be omitted.

The virtual code generating unit 110 generates a virtual code. Thevirtual code is generated as a code matched to a real card numberthrough the virtual code generating function, which is stored in thepayment card, at every unit count, and is used to detect the real cardnumber in a financial company server or a virtual token verifyingserver. For example, the virtual code generating unit 110 includes avirtual code generating module (for example, a first virtual codegenerating module and a second virtual code generating module).

The virtual code transmitting unit 120 transmits a virtual code to themobile terminal after recognizing the connection with the mobileterminal through the short-range wireless communication. The mobileterminal outputs, on the screen, the virtual code received from thepayment card through the virtual code output application 40.

FIG. 7 is a block diagram illustrating the internal structure of thepayment card to transmit an encrypted code based on a virtual code,according to still another embodiment of the inventive concept.

Referring to FIG. 7, according to another embodiment of the inventiveconcept, the payment card 20 includes a virtual code generating unit210, a timer 220, an encrypted code generating unit 230, and a wirelesscommunication unit 240. Hereinafter, the duplicated description of theabove components will be omitted.

The virtual code generating unit 210 generates a virtual code. Thevirtual code is generated at every unit count by the virtual codegenerating function. The virtual code is generated as a code matched toa real card number through the virtual code generating function storedin the payment card, at every unit count, and is used to detect the realcard number in a financial company server or a virtual token verifyingserver. For example, the virtual code generating unit 210 includes avirtual code generating module (for example, a first virtual codegenerating module and a second virtual code generating module).

The timer 220 synchronizes the time of the encryption algorithm throughwireless communication with the mobile terminal.

The encrypted code generating unit 230 generates an encrypted code fromthe virtual code based on the synchronized encryption algorithm.

The wireless communication unit 240 transmits the encrypted code to themobile terminal through wireless communication, and transmitssynchronization condition data to the mobile terminal or receives thesynchronization condition data from the mobile terminal. The mobileterminal outputs, on the screen, the virtual code received from thepayment card through the virtual code output application 40.

FIG. 8 is a block diagram illustrating the internal structure of thepayment card to transmit a virtual security code according to stillanother embodiment of the inventive concept.

Referring to FIG. 8, according to still another embodiment of theinventive concept, the payment card 30 includes a first virtual codegenerating module 31. The first virtual code generating module 31includes a virtual code generating unit 310 and a wireless communicationunit 320. Hereinafter, the duplicated description of the abovecomponents will be omitted.

The virtual code generating unit 310 generates a virtual security codeusing a time value and the card security code of the real card number.The virtual security code is a disposable code having a specific digitnumber.

The wireless communication unit 320 transmits the virtual security codeto the mobile terminal. A virtual code output application 40 including asecond virtual code generating module 41 is embedded in or installed inthe mobile terminal. The second virtual code generating module 41generates a plurality of detailed codes matched to a unit count in whichthe generation of the virtual code is requested using the virtualsecurity code, generates a virtual code by combining the plurality ofdetailed codes, and outputs the virtual code on the screen.

The virtual code is generated as a code matched to a real card numberthrough the virtual code generating function, which is stored in thepayment card, at every unit count, and is used to detect the real cardnumber in a financial company server or a virtual token verifyingserver. The ‘unit count’ is set as a specific time interval and changedas the time interval is elapsed.

Although embodiments of the inventive concept have been described withreference to accompanying drawings, those skilled in the art shouldunderstand that various modifications are possible without departingfrom the technical scope of the inventive concept or without changingthe subject matter of the inventive concept. Therefore, those skilled inthe art should understand that the technical embodiments are providedfor the illustrative purpose in all aspects and the inventive concept isnot limited thereto.

As described above, the inventive concept has following various effects.

First, even if the payment card generating the virtual code has nodisplay, the virtual code may be identified through the mobile terminal,so online payment or offline payment requiring the direct input of thevirtual code or the recognition of a bar code or a QR code may beperformed.

Second, another person may be prevented from intercepting the virtualcode to be used for payment in the process of providing the virtual codeto the mobile terminal.

Third, even if the payment card has no display, the virtual code may bevisually identified, so the manufacturing costs of the payment card maybe saved.

While the inventive concept has been described with reference toexemplary embodiments, it will be apparent to those skilled in the artthat various changes and modifications may be made without departingfrom the spirit and scope of the inventive concept. Therefore, it shouldbe understood that the above embodiments are not limiting, butillustrative.

What is claimed is:
 1. A method for outputting a virtual code, which isgenerated from a payment card, on a screen, the method comprising:receiving, by a virtual code output application, the virtual code fromthe payment card after connecting the payment card with a mobileterminal through short-range wireless communication; and outputting, bythe virtual code output application, the virtual code on the screen,wherein the virtual code output application is installed or embedded inthe mobile terminal, wherein the virtual code is generated as a code,which is matched to a real card number, through a virtual codegenerating function stored in the payment card, at every unit count, andis used to detect the real card number in a financial company server ora virtual token verifying server, and wherein the unit count is set as aspecific time interval and changed as the specific time interval iselapsed.
 2. The method of claim 1, wherein the virtual code outputapplication is activated when the short-range wireless communication ismade between the payment card and the mobile terminal as the virtualcode output application is run in background in the mobile terminal. 3.A method for outputting a virtual code, which is generated from apayment card, on a screen, the method comprising: synchronizing, by avirtual code output application, time of an encryption algorithm throughwireless communication between a virtual code output application and thepayment card; receiving, by the virtual code output application, anencrypted code generated from the payment card, wherein the encryptedcode is obtained by encrypting the virtual code generated from thepayment card based on the synchronized encryption algorithm; decrypting,by the virtual code output application, the encrypted code to thevirtual code based on the encryption algorithm; and outputting, by thevirtual code output application, the virtual code on the screen, whereinthe virtual code is generated as a code matched to a real card numberthrough a virtual code generating function stored in the payment card,at every unit count, and is used to detect the real card number in afinancial company server or a virtual token verifying server; andwherein the unit count is set as a specific time interval and changed asthe specific time interval is elapsed.
 4. The method of claim 3, whereinthe encryption algorithm is matched to an encryption rule every time. 5.The method of claim 3, wherein the payment card generates a plurality ofdetailed codes through a plurality of detailed code generatingfunctions; and generates the virtual code by combining the plurality ofdetailed codes through a detailed code combining function, wherein thedetailed code generating function and the detailed code combiningfunction are included in the virtual code generating function, andwherein the plurality of detailed codes include: a first code to set astarting point of detecting a storage position; and a second code to seta search path to the storage position from the starting point accordingto a specific searching scheme.
 6. A method for outputting a virtualcode, which is generated from a payment card, on a screen, the methodcomprising: receiving, by a second virtual code generating module, avirtual security code from a first virtual code generating module;generating, by the second virtual code generating module, a plurality ofdetailed codes through a plurality of detailed code generatingfunctions; generating, by the second virtual code generating module, thevirtual code through combination of the plurality of detailed codesthrough at least one detailed code combining function; and outputting,by the second virtual code generating module, the virtual code on thescreen, wherein the virtual code is generated as a code matched to areal card number through a virtual code generating function stored inthe payment card, at every unit count, and is used to detect the realcard number in a financial company server or a virtual token verifyingserver, wherein the virtual code generating function includes thedetailed code generating function and the detailed code combiningfunction, wherein the first virtual code generating module is includedin the payment card, wherein the second virtual code generating moduleis included in a virtual code output application embedded or installedin a mobile terminal, generates the plurality of detailed codes matchedto a unit count in which generation of the virtual code is requestedusing the virtual security code, generates the virtual code by combiningthe plurality of detailed codes, and outputs the virtual code on thescreen, and wherein the unit count is set as a specific time intervaland changed as the specific time interval is elapsed.
 7. The method ofclaim 6, wherein the plurality of detailed codes include: a first codegenerated based on a first count; and a second code generated based on asecond count, wherein the first count is the number of unit countselapsed from an initial time point at which the virtual code generatingfunction is run in a virtual code verifying server, wherein the secondcount is the number of unit counts elapsed from a time point at which areal card number of a specific user is issued, and wherein thegenerating of the at least one detailed code includes: applying thevirtual security code to the second count or the number of countselapsed from a current time point.
 8. The method of claim 1, furthercomprising: providing, by the virtual code output application, thevirtual code to a clipboard, wherein the virtual code provided on theclipboard is input to an online payment page in response to an operationof a user.
 9. The method of claim 3, further comprising: providing, bythe virtual code output application, the virtual code to a clipboard,wherein the virtual code provided on the clipboard is input to an onlinepayment page in response to an operation of a user.
 10. The method ofclaim 6, further comprising: providing, by the virtual code outputapplication, the virtual code to a clipboard, wherein the virtual codeprovided on the clipboard is input to an online payment page in responseto an operation of a user.